Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/jsiwek/reporter-weird-sampling-api-tweaks'

Browse source 
* origin/topic/jsiwek/reporter-weird-sampling-api-tweaks:
  Improve Reporter weird-sampling-whitelist getters/setters
This commit is contained in:
Jon Siwek 2020-09-09 10:46:37 -07:00
commit b620ace06b
4 changed files with 40 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

29
CHANGES
View file

@ -1,4 +1,33 @@
3.3.0-dev.258 | 2020-09-09 10:46:37 -0700
* Improve Reporter weird-sampling-whitelist getters/setters (Jon Siwek, Corelight)
- getter methods return const-ref
- setter methods pass by value and std::move()
- ranged-for loops over the whitelists access by const-ref
* Fix memory leak caused by re-entering GTPv1 parsing (Jon Siwek, Corelight)
If the inner packet of a decapsulated GTPv1 frame maps to the same
Connection as the outer packet and also contains another GTPv1
encapsulation, the same GTPv1 analyzer attempts to parse the inner
packet. In the process, the inner parsing method overwrites pointers to
memory resources the outer parsing method has not yet released and
results in a memory leak.
* Fix memory leak caused by re-entering AYIYA parsing (Jon Siwek, Corelight)
If the inner packet of a decapsulated AYIYA frame maps to the same
Connection as the outer packet and also contains another AYIYA
encapsulation, the same AYIYA analyzer attempts to parse the inner
packet. In the process, the inner parsing method overwrites pointers to
memory resources the outer parsing method has not yet released and
results in a memory leak.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25256
3.3.0-dev.254 | 2020-09-08 17:21:16 -0700 3.3.0-dev.254 | 2020-09-08 17:21:16 -0700
* GH-343: Change HTTP DPD signatures to trigger analyzer independent of peer state. (Robin Sommer, Corelight) * GH-343: Change HTTP DPD signatures to trigger analyzer independent of peer state. (Robin Sommer, Corelight)

2
VERSION
View file

@ -1 +1 @@
3.3.0-dev.254 3.3.0-dev.258

12
src/Reporter.h
View file

@ -175,7 +175,7 @@ public:
/** /**
* Gets the weird sampling whitelist. * Gets the weird sampling whitelist.
*/ */
WeirdSet GetWeirdSamplingWhitelist() const const WeirdSet& GetWeirdSamplingWhitelist() const
{ {
return weird_sampling_whitelist; return weird_sampling_whitelist;
} }
@ -185,15 +185,15 @@ public:
* *
* @param weird_sampling_whitelist New weird sampling whitelist. * @param weird_sampling_whitelist New weird sampling whitelist.
*/ */
void SetWeirdSamplingWhitelist(const WeirdSet& weird_sampling_whitelist) void SetWeirdSamplingWhitelist(WeirdSet weird_sampling_whitelist)
{ {
this->weird_sampling_whitelist = weird_sampling_whitelist; this->weird_sampling_whitelist = std::move(weird_sampling_whitelist);
} }
/** /**
* Gets the weird sampling global list. * Gets the weird sampling global list.
*/ */
WeirdSet GetWeirdSamplingGlobalList() const const WeirdSet& GetWeirdSamplingGlobalList() const
{ {
return weird_sampling_global_list; return weird_sampling_global_list;
} }
@ -203,9 +203,9 @@ public:
* *
* @param weird_sampling_global list New weird sampling global list. * @param weird_sampling_global list New weird sampling global list.
*/ */
void SetWeirdSamplingGlobalList(const WeirdSet& weird_sampling_global_list) void SetWeirdSamplingGlobalList(WeirdSet weird_sampling_global_list)
{ {
this->weird_sampling_global_list = weird_sampling_global_list; this->weird_sampling_global_list = std::move(weird_sampling_global_list);
} }
/** /**

8
src/reporter.bif
View file

@ -164,7 +164,7 @@ function Reporter::file_weird%(name: string, f: fa_file, addl: string &default="
function Reporter::get_weird_sampling_whitelist%(%): string_set function Reporter::get_weird_sampling_whitelist%(%): string_set
%{ %{
auto set = zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set); auto set = zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set);
for ( auto el : reporter->GetWeirdSamplingWhitelist() ) for ( const auto& el : reporter->GetWeirdSamplingWhitelist() )
{ {
auto idx = zeek::make_intrusive<zeek::StringVal>(el); auto idx = zeek::make_intrusive<zeek::StringVal>(el);
set->Assign(std::move(idx), nullptr); set->Assign(std::move(idx), nullptr);
@ -194,7 +194,7 @@ function Reporter::set_weird_sampling_whitelist%(weird_sampling_whitelist: strin
whitelist_set.emplace(move(key)); whitelist_set.emplace(move(key));
delete k; delete k;
} }
reporter->SetWeirdSamplingWhitelist(whitelist_set); reporter->SetWeirdSamplingWhitelist(std::move(whitelist_set));
return zeek::val_mgr->True(); return zeek::val_mgr->True();
%} %}
@ -204,7 +204,7 @@ function Reporter::set_weird_sampling_whitelist%(weird_sampling_whitelist: strin
function Reporter::get_weird_sampling_global_list%(%): string_set function Reporter::get_weird_sampling_global_list%(%): string_set
%{ %{
auto set = zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set); auto set = zeek::make_intrusive<zeek::TableVal>(zeek::id::string_set);
for ( auto el : reporter->GetWeirdSamplingGlobalList() ) for ( const auto& el : reporter->GetWeirdSamplingGlobalList() )
{ {
auto idx = zeek::make_intrusive<zeek::StringVal>(el); auto idx = zeek::make_intrusive<zeek::StringVal>(el);
set->Assign(std::move(idx), nullptr); set->Assign(std::move(idx), nullptr);
@ -234,7 +234,7 @@ function Reporter::set_weird_sampling_global_list%(weird_sampling_global_list: s
global_list_set.emplace(move(key)); global_list_set.emplace(move(key));
delete k; delete k;
} }
reporter->SetWeirdSamplingGlobalList(global_list_set); reporter->SetWeirdSamplingGlobalList(std::move(global_list_set));
return zeek::val_mgr->True(); return zeek::val_mgr->True();
%} %}